In Pascal there is the Set type, in which you can set bits (n < 256) and later check whether bit n is set or not. Sort of like a bool array.

When you decompile a DOS Pascal program, the IDA-Pro FLIRT signatures will find the Set functions. In this example we will focus on Set::MemberOf.

arg_0 is the Set object and arg_4 is the byte we are checking to see if it is set. When this code is called it looks like this:

and the byte_152FE location is an unknown mess, like so:

As we know this data is a Set object, it would be nice if it was represented as such. Now we could declare this a structure variable (Alt-Q) by hand and then rename it. This works for a few small cases, but in the Gold Box games Sets are used to manage lots of things, so there are too many of them. The best trick here is to get IDA-Pro to do the work for us.

Firstly, I assume you have created a Set structure (needed for the above manual process) that is 0x20 bytes long.

Now go back to Set::MemberOf, associate a prototype with the function (Y), and change the prototype from:

The first step is to see above that the structure is 3 bytes wide, and create a structure for that (already done in the snaps above, hence struct_6). Then, in the incorrect usage shown above @ ovr032:0B51, select dword_1DA74 and choose Offset (User Defined).

Then set the Target delta to -3 (-1 * the size of the structure (3)):

and like magic it shows you the code correctly accessing the array:
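The two layouts above, as an added C example that is not from the original post: a 0x20-byte Pascal Set with the bit test Set::MemberOf performs, and the one-element displacement that explains the -3 target delta, assuming the 3-byte struct_6 array is declared with a lower bound of 1 as Pascal arrays usually are.

```c
#include <stdint.h>
#include <string.h>

/* Turbo Pascal "set of byte": 256 members packed into 0x20 bytes.
   Member n lives at byte n >> 3, bit n & 7 (the 0x20-byte Set struct above). */
typedef struct { uint8_t bits[0x20]; } PascalSet;

/* Equivalent of Set::MemberOf(arg_0 = set, arg_4 = member): 1 if n is in the set. */
int set_member_of(const PascalSet *s, uint8_t n)
{
    return (s->bits[n >> 3] >> (n & 7)) & 1;
}

void set_include(PascalSet *s, uint8_t n) { s->bits[n >> 3] |= (uint8_t)(1u << (n & 7)); }
void set_exclude(PascalSet *s, uint8_t n) { s->bits[n >> 3] &= (uint8_t)~(1u << (n & 7)); }

/* Build an empty set, include `added`, then ask whether `probe` is a member. */
int member_after_include(uint8_t added, uint8_t probe)
{
    PascalSet s;
    memset(&s, 0, sizeof s);
    set_include(&s, added);
    return set_member_of(&s, probe);
}

/* A 1-based Pascal array (array[1..N] of a 3-byte record, like struct_6):
   the compiler folds base + (i - 1) * 3 into (base - 3) + i * 3, so the
   address that appears in the code (IDA's dword_xxxx) is the real array start
   minus one element. Setting the target delta to -3 undoes that displacement. */
#define ELEM_SIZE 3u

/* Element address as the compiled code computes it (folded form). */
uint32_t elem_addr_folded(uint32_t array_start, uint32_t i)
{
    uint32_t shown_base = array_start - ELEM_SIZE;  /* what IDA names in the code */
    return shown_base + i * ELEM_SIZE;
}

/* Element address as the Pascal source means it: element i of a 1-based array. */
uint32_t elem_addr_pascal(uint32_t array_start, uint32_t i)
{
    return array_start + (i - 1) * ELEM_SIZE;
}
```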

This ‘issue’ has only been the bane of my reverse engineering for like the last ten years.

In the DOS Gold Box games they use overlays to manage the 'more code than memory' problem of the DOS environment.

So when this code here (seg000:00F6) calls sub_21979, it goes via a stub function, sub_10180:

which jumps to the actual function once it has been loaded into RAM (after swapping some other code out, and other magic!):

Here is the actual called function:

And IDA Pro links this all together auto-magically, so life is good.

But really we want to remove the jump stubs from the loop, as we can have the whole project in memory. The main advantage of cleaning up is that sub_21979 currently shows only one place that refers to this function (green code in the top right of the picture), while the jump stub may have many callers that we don't see; exploring the code then requires jumping in and out of the stub, which gets annoying.

Here is an .idc script to fix this up. It finds all the overlay jump stubs, then loops across the referencing locations and rewrites those to call the actual jump target.